By: Brian Binovsky user 29 Sep 2016 at 1:50 p.m. CDT

I have been trying to configure Gluu to connect to an internal OpenLDAP server that requires StartTLS to be enabled. I audited the source code and noticed this code:

    ...
    SSLUtil sslUtil = new SSLUtil(new TrustAllTrustManager());
    ...
    ...
    FailoverServerSet failoverSet = new FailoverServerSet(this.addresses, this.ports, sslUtil.createSSLSocketFactory(protocol), connectionOptions);
    ...

In the file: oxCore/oxLdap/src/main/java/org/gluu/site/ldap/LDAPConnectionProvider.java

When using SSLUtil I expected (for conditional support of StartTLS) something like Example 2 at the following link: https://docs.ldap.com/ldap-sdk/docs/javadoc/com/unboundid/util/ssl/SSLUtil.html

    ...
    StartTLSExtendedRequest startTLSRequest = new StartTLSExtendedRequest(sslContext);
    ExtendedResult startTLSResult;
    ...

Does Gluu 2.4.4 support cache refresh using StartTLS? I know there is StartTLS functionality in Shibboleth, but my OpenLDAP configuration does not involve SAML or MS-AD at this time. If StartTLS support is missing from Gluu 2.4.4, should I add a feature request? I have Java code that will enable this feature and I could patch the code in my local build to make Gluu work for my needs.

Following up with the rationale for requiring StartTLS on the OpenLDAP end: http://www.openldap.org/faq/data/cache/605.html

"ldaps:// is deprecated in favor of Start TLS [RFC2830]. OpenLDAP 2.0 supports both."
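The difference the post is pointing at is where TLS begins: with ldaps:// the SSL socket factory handed to FailoverServerSet wraps the TCP connection before the first LDAP byte is sent, whereas with StartTLS the connection starts in cleartext on the standard port and is upgraded by the StartTLS extended operation (the UnboundID SDK's StartTLSExtendedRequest, or StartTLSPostConnectProcessor for pooled connections) before any bind. The following is an added example written for this thread, not code from Gluu or from the UnboundID documentation, showing both transports side by side with a trust store instead of TrustAllTrustManager (which, as its name says, accepts any server certificate and so gives no protection against a man-in-the-middle on either transport). The trust store path, host names, ports, bind DN and pool sizes are placeholders.

```java
import java.security.GeneralSecurityException;
import javax.net.SocketFactory;
import javax.net.ssl.SSLContext;

import com.unboundid.ldap.sdk.ExtendedResult;
import com.unboundid.ldap.sdk.FailoverServerSet;
import com.unboundid.ldap.sdk.LDAPConnection;
import com.unboundid.ldap.sdk.LDAPConnectionOptions;
import com.unboundid.ldap.sdk.LDAPConnectionPool;
import com.unboundid.ldap.sdk.LDAPException;
import com.unboundid.ldap.sdk.PostConnectProcessor;
import com.unboundid.ldap.sdk.ResultCode;
import com.unboundid.ldap.sdk.SimpleBindRequest;
import com.unboundid.ldap.sdk.StartTLSPostConnectProcessor;
import com.unboundid.ldap.sdk.extensions.StartTLSExtendedRequest;
import com.unboundid.util.ssl.SSLUtil;
import com.unboundid.util.ssl.TrustStoreTrustManager;

/** Illustrative helper (not Gluu code): ldaps:// versus StartTLS with the UnboundID LDAP SDK. */
public class LdapTlsConnect {

  /** Transport modes: cleartext, ldaps:// (TLS from the first byte), or StartTLS over ldap://. */
  public enum Mode { PLAIN, LDAPS, STARTTLS }

  /**
   * SSLUtil that trusts only the CA certificates in the given JKS/PKCS12 trust store
   * (hypothetical path). Passing true makes it reject expired or not-yet-valid chains.
   * This is the drop-in replacement for new SSLUtil(new TrustAllTrustManager()).
   */
  static SSLUtil sslUtilFor(String trustStorePath, char[] trustStorePassword) {
    return new SSLUtil(new TrustStoreTrustManager(trustStorePath, trustStorePassword, null, true));
  }

  /** Open a single connection in the requested mode; for STARTTLS the upgrade happens before return. */
  static LDAPConnection connect(String host, int port, Mode mode, SSLUtil sslUtil)
      throws LDAPException, GeneralSecurityException {
    LDAPConnectionOptions opts = new LDAPConnectionOptions();
    opts.setConnectTimeoutMillis(5000);

    switch (mode) {
      case LDAPS:
        // TLS handshake is part of establishing the socket; nothing is ever sent in the clear.
        return new LDAPConnection(sslUtil.createSSLSocketFactory(), opts, host, port);

      case STARTTLS: {
        // Cleartext TCP connection first (typically port 389), then the StartTLS extended
        // operation negotiates TLS on the same socket. No bind has been sent yet.
        LDAPConnection conn = new LDAPConnection(opts, host, port);
        try {
          SSLContext ctx = sslUtil.createSSLContext();
          ExtendedResult r = conn.processExtendedOperation(new StartTLSExtendedRequest(ctx));
          if (r.getResultCode() != ResultCode.SUCCESS) {
            // Server refused the upgrade: fail closed rather than continuing in cleartext.
            throw new LDAPException(r);
          }
          return conn;
        } catch (LDAPException | GeneralSecurityException e) {
          conn.close();
          throw e;
        }
      }

      default:
        return new LDAPConnection(opts, host, port);
    }
  }

  /**
   * Pooled variant mirroring the FailoverServerSet usage quoted in the post. For ldaps:// the
   * socket factory is passed to the server set; for StartTLS the server set uses plain sockets
   * and a StartTLSPostConnectProcessor upgrades every new connection, which the SDK runs
   * before the pool's bind request, so the credentials are never sent over cleartext.
   */
  static LDAPConnectionPool pool(String[] hosts, int[] ports, Mode mode, SSLUtil sslUtil,
                                 String bindDN, String password)
      throws LDAPException, GeneralSecurityException {
    LDAPConnectionOptions opts = new LDAPConnectionOptions();
    opts.setConnectTimeoutMillis(5000);

    SocketFactory sf = (mode == Mode.LDAPS) ? sslUtil.createSSLSocketFactory() : null;
    FailoverServerSet servers = new FailoverServerSet(hosts, ports, sf, opts);

    PostConnectProcessor pcp = (mode == Mode.STARTTLS)
        ? new StartTLSPostConnectProcessor(sslUtil.createSSLContext())
        : null;

    return new LDAPConnectionPool(servers, new SimpleBindRequest(bindDN, password), 1, 10, pcp);
  }

  /** Usage: java LdapTlsConnect <host> <port> <PLAIN|LDAPS|STARTTLS> <truststore.jks> <password> */
  public static void main(String[] args) throws Exception {
    SSLUtil sslUtil = sslUtilFor(args[3], args[4].toCharArray());
    LDAPConnection conn = connect(args[0], Integer.parseInt(args[1]), Mode.valueOf(args[2]), sslUtil);
    try {
      System.out.println("connected: " + conn.getConnectedAddress() + ":" + conn.getConnectedPort());
    } finally {
      conn.close();
    }
  }
}
```

Two checks worth doing against a real OpenLDAP: run the STARTTLS mode against the plain port and the LDAPS mode against the ldaps port and confirm each fails cleanly (rather than silently continuing) when the server's certificate is not in the trust store; and confirm with a packet capture that in STARTTLS mode the bind request appears only after the TLS handshake.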

By Yuriy Movchan staff 29 Sep 2016 at 2:31 p.m. CDT

Hi Brian, Thank you for reviewing this part. Please create a fork and a pull request with your changes. We will review them and merge them into the master branch. Thank you for your help. Regards, Yuriy